CAS 3.x doesn't use a JavaScript redirect. I also just tried with our CAS instance (CAS 3.3.1) on Tomcat 5.5 and didn't encounter the issue.
Cheers, Scott On Mon, Aug 17, 2009 at 3:24 PM, Andrew Feller <[email protected]> wrote: > Israel, > > Hrmmm this is going to be an reaching thought, but what is the session > timeout for JBoss / Tomcat set to? By default, CAS stores some information > within the user’s session for login purposes. I am not sure what happens > whenever you exceed the session timeout yet submit the form successfully. > If you have the Web Developer plugin for Firefox, you will see there are > hidden fields for “lt” and “eventId”. The “lt” value is used by Spring Web > Flow to associate you with an existing “conversation”. > > Anyhow, other than that, I cannot think of why this is going on. I have > received the default view in CAS 3.3.1 and do not see any Javascript to > cause a redirect like you mentioned. Aside from the timeout issue I > mentioned above, the only other thoughts I have are 1) Hitting the reset > button or 2) custom code mucking things up. > > HTH, > A- > > > > On 8/17/09 1:43 PM, "Israel Ben Guilherme Fonseca" <[email protected]> > wrote: > > CAS version 3.3.1 > Java version 1.6.10 > Container: JBoss 4.2.3 GA > > After the 5th try, the page just get cleaned. Example: > > > 1. Setup demo cas.war in servlet container with NO CHANGES > 2. Request /login servlet > 3. Input invalid credentials #1 => Warning message about invalid > credentials > 4. Input invalid credentials #2 => Warning message about invalid > credentials > 5. Input invalid credentials #3 => Warning message about invalid > credentials > 6. Input invalid credentials #4 => Warning message about invalid > credentials > 7. Input *valid* credentials #5 => Some type of Javascript redirect > occurs where you are sent back to the /login but the message is gone. (Even > with valid credentials, nothing happens) > > > 2009/8/17 Andrew Feller <[email protected]> > > Israel, > > So let me see if I understand this correctly: > > CAS version: 3.1.0 > Java version: 1.X.X > Servlet container: XXXXXXX > Servlet container version: X.X.X > > STEPS TO REPRODUCE BEHAVIOR > > > 1. Setup demo cas.war in servlet container with NO CHANGES > 2. Request /login servlet > 3. Input invalid credentials #1 => Warning message about invalid > credentials > 4. Input invalid credentials #2 => Warning message about invalid > credentials > 5. Input invalid credentials #3 => Warning message about invalid > credentials > 6. Input invalid credentials #4 => Warning message about invalid > credentials > 7. Input invalid credentials #5 => Warning message about invalid > credentials > 8. Some type of Javascript redirect occurs where you are sent back to > the /login but the message is gone > > > Is this correct? > > > > On 8/17/09 12:30 PM, "Israel Ben Guilherme Fonseca" <[email protected]< > http://[email protected]> > wrote: > > Andrew, i did test it with a plain "cas.war" and got the same behavior. I > think it's happening with all fresh CAS installations. > > 2009/8/17 Andrew Feller <[email protected] <http://[email protected]> > > > Zeeshan, > > The default view doesn't have any special logic like this as far as I know. > However as we don't know the extent of your changes, it is difficult to > troubleshoot this blindly. > > My knee jerk thoughts: > > 1. Have you modified the Spring Web Flow process to include any additional > actions? > 2. Have you rewired existing Spring Web Flow actions? > 3. What type of Javascript changes have you made to the CAS login page? > 4. Have you tried installing the Live HTTP Headers plugin for Firefox to > record HTTP traffic to investigate whether this is due to the server or > Javascript? > > HTH, > A- > > On 8/17/09 9:45 AM, "israel.bgf" <[email protected] < > http://[email protected]> > wrote: > > > > > I'm with the exactly same problem, and i'm looking for a solution too. > Did > > you find something Zeeshan? > > > > zeeshanilyas wrote: > >> > >> Hi, > >> > >> I am using CAS 3.1 to implement Single Sign On functionality. I have > >> modified CAS according to our requirements which include adding password > >> Reset functionality and password expiry mechanisms. All is working fine > >> but during testing I noticed that if you repeatedly try to login with > >> wrong credentials then on the 5th try the login screen refreshes. I am > >> using the default screen with some changes. > >> > >> Is there anyway to stop this behaviour. Is it a default spring mvc > >> behaviour or is this part of the CAS specification (there is no mention > of > >> this behaviour in the documentation). > >> > >> I will appreciate it if someone can point to the right direction > regarding > >> this. > >> > >> Kind Regards, > >> > >> Zeeshan > >> > > -- > Andrew Feller, Business System Programmer > LSU University Information Services > 200 Frey Computing Services Center > Baton Rouge, LA 70803 > Office: 225.578.3737 > Fax: 225.578.6400 > > > > -- > You are currently subscribed to [email protected] < > http://[email protected]> as: [email protected] < > http://[email protected]> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > Andrew Feller, Business System Programmer > LSU University Information Services > 200 Frey Computing Services Center > Baton Rouge, LA 70803 > Office: 225.578.3737 > Fax: 225.578.6400 > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
